package com.szpxt.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class JspFilter implements Filter {

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {}
	
	@Override
	public void destroy() {}

	@Override
	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) 
		throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest)servletRequest;
		HttpServletResponse response = (HttpServletResponse)servletResponse;
		HttpSession session = request.getSession();
		
		String uri = request.getRequestURI();
		
		Object objectPrivilege = session.getAttribute("strPrivilege");
		String strPrivilege = objectPrivilege != null ? (String)objectPrivilege : "";
		
		if(uri.endsWith("organization.jsp") && strPrivilege.indexOf("privilege_organization") == -1) {	//检查组织页面权限
			response.setStatus(401);
			response.sendRedirect("/szpxt-beta/error/401.jsp");
		}
		else if(uri.endsWith("role.jsp") && strPrivilege.indexOf("privilege_role") == -1) {				//检查角色页面权限
			response.setStatus(401);
			response.sendRedirect("/szpxt-beta/error/401.jsp");
		}
		else if(uri.endsWith("user.jsp") && strPrivilege.indexOf("privilege_user") == -1) {				//检查用户页面权限
			response.setStatus(401);
			response.sendRedirect("/szpxt-beta/error/401.jsp");
		}
		else {
			filterChain.doFilter(request, response);
		}
	}

}
